Apple urges users to upgrade their devices immediately to patch three 'active' zero day...

Jimmy2x

Posts: 234   +29
Staff
Recap: A security bulletin released this week urges Apple users to install available iOS updates immediately. The recommendation came after researchers identified three zero-day exploits, all of which are actively being exploited on unpatched devices, according to reports. The update also patches over 30 other vulnerabilities found in the recent iOS 16.4 release.

Apple urges iPhone and iPad users to update to iOS 16.5 and iPadOS 16.5 immediately to mitigate three zero-day exploits. The vulnerabilities are directly related to the WebKit browser engine and include the following:

  • CVE-2023-32409 – a remote attacker may break out of the Web Content security sandbox
  • CVE-2023-28204 – processing web content may disclose sensitive information
  • CVE-2023-32373 – processing maliciously crafted web content may lead to arbitrary code execution

The identified vulnerabilities increase the risk of users' data and personal information being made accessible to unauthorized 3rd parties. The security holes can also allow bad actors to launch arbitrary code execution attacks to run any command or code on a target machine or process.

Earlier this year, Apple reportedly crossed the two billion active device mark, a milestone demonstrating just how widespread an issue Apple faces. Due to the nature of the vulnerabilities, the WebKit browser engine exploit could affect a large cross-section of these two billion devices. Devices impacted by the identified exploits include:

  • All iPad Pro models
  • iPad Air (3rd generation and later)
  • iPad 5th (generation and later)
  • iPad Mini (5th generation and later)
  • iPhone 6s and later models
  • Mac workstations and laptops running macOS, Big Sur, Monterey, and Ventura
  • Apple Watch (series 4 and later)
  • Apple TV 4K and HD

Many users have already received the iOS automatic updates via Apple's Rapid Security Response system. Typically deployed by geographic region and impacted by connectivity, some users' phones and tablets may still be waiting for the automatic updates. Those users are encouraged manually update their phones to version 16.5. To do this, open the Settings app and navigate to General > Software Update. Tap download and install, then give your phone a few minutes to do its thing.

It is also good hygiene to ensure all your other Apple devices are up-to-date. Updating is easy since the option to download updates manually resides in the same place on all devices – under Settings > General > Software Update.

Permalink to story.

 
For all iphone users, I recommend (for free) Adguard.

You can jack out any unwanted third party ads, banners, annoyances. Its likely the best integration on IOS. Also saves signifcant in resources but pretty much wild exploits as well.
 
Every time I do an update (Mac mini), my Safari history is irretrievably lost. And when I say irretrievably, I mean just that. Safari refuses to touch that history, no matter what I do with any plist, cache, Time Machine or anything else. No advice given on Reddit, Apple's help forum or any other source is of any avail.
Apparently, in my instance, Apple starts a new history from scratch and regards any other history as a potential security threat-actor.
 
Back